#PatchManagement

Exploited Vulnerabilities Can Take Months to Make KEV List

by

November 20, 2023 at 06:40PM The Cybersecurity and Infrastructure Security Agency (CISA) has been criticized for delays in updating its Known Exploited Vulnerabilities (KEV) catalog. The catalog, which lists vulnerabilities that attackers are actively exploiting, often lags behind public disclosure of vulnerabilities and the release of proof-of-concept (PoC) code. CISA’s requirement for clear remediation guidance … Read more

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog

by

November 17, 2023 at 01:06AM The U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The vulnerabilities include a Microsoft Windows security bypass, a Sophos command injection, and an unspecified Oracle vulnerability. A critical command injection bug has also been disclosed in FortiSIEM report server. … Read more